DLP Policy for Incoming Emails

To configure DLP policy for incoming emails:

  1. Navigate to Policy.

  2. Click Add a New Policy Rule.

  3. Select the desired SaaS application under Choose SaaS drop-down.

  4. Select DLP under Choose Security drop-down and click Next.

  5. Select Prevent (Inline) mode.

  6. Select the Scope of the policy:

    1. Select email direction as Inbound.

    2. Under Senders, select the Specific Users and Groups the policy applies to.

  7. In the DLP Criteria section, do these:

    1. Select the required DLP Categories.

    2. Select the required Sensitivity Level. See DLP Policy Sensitivity Level.

    3. If you need to add a subject regular expression as the matching criteria to the DLP policy, under Advanced, enable the Enable matching based on subject regular expression checkbox and enter the regular expression. See DLP Subject Regular Expression (Regex).

  8. In the DLP Workflow section, select the required workflow. See DLP Workflows for Incoming Emails.

  9. Select the required Severity.

  10. Select the required DLP Alerts. See DLP Alerts for Incoming Emails.

  11. Click Save and Apply.

    Note - Applying a Prevent (Inline) rule could take up to an hour to take effect, depending on the number of protected users in the Harmony Email & Collaboration account.

For more details about configuring the DLP engine, see Data Loss Prevention .

DLP Workflows for Incoming Emails

Workflow

Description

Email is blocked. User is alerted and allowed to request a restore (admin must approve)

Detected email will not be delivered to the recipient and will be moved to quarantine mailbox. The user will receive an email with an alert of the quarantine action, and will be able to request to restore the original email (send the original email to the recipient).

Email is blocked. User is alerted and allowed to restore the email

Any detected email will not be delivered to the recipient and will be moved to quarantine mailbox; the user will receive an email with alert of the quarantine action, and will be able to restore the original email (send the original email to the recipient).

Do nothing

Any detected email will be delivered to the recipient without any changes.

User receives the email with a warning

The email is delivered to the user with a warning banner inserted in the body of the email. To customize the banner (text, background color etc.), click the gear icon next to the workflow.

Email is allowed. Header is added to the email

The detected email is delivered to the recipient with an additional header that can be configured in the policy.

Email is blocked. User is not alerted (admin can restore)

Detected email will not be delivered to the recipient and is automatically quarantined without any user notification. The administrator can restore the email.

To create Allow-List for DLP, see DLP Exceptions.

DLP Alerts for Incoming Emails

You can configure alerts for incoming emails detected to contain a DLP violation:

  • Send alert on this violation to specific mailboxes.

  • Send email alerts to admins.

  • Alert the external sender about the violation when the email is quarantined.